CN100587726C - System and method for reliable transfer of virtual stamps - Google Patents

System and method for reliable transfer of virtual stamps Download PDF

Info

Publication number
CN100587726C
CN100587726C CN200610106058A CN200610106058A CN100587726C CN 100587726 C CN100587726 C CN 100587726C CN 200610106058 A CN200610106058 A CN 200610106058A CN 200610106058 A CN200610106058 A CN 200610106058A CN 100587726 C CN100587726 C CN 100587726C
Authority
CN
China
Prior art keywords
uiv
value information
information unit
processor
data center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610106058A
Other languages
Chinese (zh)
Other versions
CN1897039A (en
Inventor
A·奥布瑞
F·W·小瑞安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PITHEY BOWES Inc
Pitney Bowes Inc
Original Assignee
PITHEY BOWES Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PITHEY BOWES Inc filed Critical PITHEY BOWES Inc
Publication of CN1897039A publication Critical patent/CN1897039A/en
Application granted granted Critical
Publication of CN100587726C publication Critical patent/CN100587726C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/087Inventory or stock management, e.g. order filling, procurement or balancing against orders
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/00395Memory organization
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00822Cryptography or similar special procedures in a franking system including unique details
    • G07B2017/0083Postal data, e.g. postage, address, sender, machine ID, vendor

Abstract

The present application describes systems and methods for reliable transfer of information of value such as virtual postage stamps between a remote data center and a local device. An identifier that is unique over at least some time duration is assigned to each virtual postage stamp such that the identifier is associated with a specific index memory location or record storage location in the localvirtual stamp-printing device. The local printing device permits only a single use of a virtual stamp using a secure state flag. The transfer protocol provides reliable transfer of virtual stamps between the remote data center and the local printing device that accommodates resend requests, that is not limited to serial transfer and that does not require end-to-end acknowledgements.

Description

The system and method for reliable transfer of virtual stamps
Related application is quoted alternately
The application is relevant with the common unsettled U.S. Patent application No.11/142619 of " method of the use of control custom images " by name submitted on May 31st, 2005.
Technical field
The present invention relates to a kind of system and method for reliable transmission value information, more particularly relate in certain embodiments from remote data center and transmit the postmark mark reliably to a remote equipment, wherein said remote data center comprises the virtual postage charging machine that is used to distribute the postmark mark and described remote equipment is used for storing and printing this postmark value indicia.
Background technology
The mailing machine that comprises postage metering system is well known in the art, and comprises the DM series mailing machine that can obtain from the Pitney Bowes Inc. of Stamford.CT.USA.Can also obtain postage distribution system and data center services from Pitney Bowes Inc based on the internet.Postage metering system is used for applying the postage that postage proves that (so-called postmark) and estimation are distributed to envelope or other mail (directly or at the label that will be applied thereto).
Postage metering system is divided into closed system charging machine or open system charging machine usually.In closed system, systemic-function is exclusively used in postage charging activity usually and usually comprises a dedicated printer that is incorporated into postal security device PSD postage national treasury by safety knot.In open system, printer generally is not exclusively used in the charging activity and is typically connected to a long-range postage safety equipment PSD postage national treasury or virtual PSD.In the open system that is defined by the postmark plan (IBIP) based on United States Post Office (USPS) information, the safety of the postmark that non-dedicated printer is printed is to guarantee for checking subsequently by comprising address information element in the proof of the encryption postage on printing on mail.
In figure punch postage charging machine, guarantee to add up by accessing to your password with printing mechanism between the security that is connected, thereby eliminated needs to the required physical examination of simulation system.In essence, figure punch postage charging machine has been set up a kind of safe point-to-point communication and has been connected between statistic unit and printhead.In this digital closed system, dedicated printer and charging (statistics) device is in operation and can be positioned on same equipment and/or the same position.Perhaps, dedicated printer is positioned at primary importance (just will print the local position of postmark), and (statistics) device that charges is positioned at a remote location, for example in supplier's data center.Under the latter's situation, still requiring dedicated printer is the safety equipment with cryptographic capabilities, and postage type information that receives from (statistics) device that charges such as postmark and charging (statistics) device itself can be verified thus.
The 17 days April in 2003 of Ryan disclosed publication number be in the U.S. Patent application of 2003/0074325A1 by name " method and system that distributes virtual stamps ", a kind of method and system that is used to distribute virtual stamps has been described.Recorded and narrated a kind of virtual stamps and distributed (VSDM) system of charging, the wherein different postmarks that are worth calculate and download on the mailing machine at remote data center.VSDM system storage postmark also distributes described postmark when needed.This system comprises that a secure storage unit and one are used to prevent that duplicity from reusing the positioning indicator of virtual postmark.All having kept a mode field (promptly having sent or not use) for each postmark record indicates postmark whether to be issued (printing).Correspondingly, because postmark is in the remote data center signature, so this VSDM system does not need complicated encryption.Distribute charge system for effectively postmark information being downloaded to postage from remote data center (having virtual PSD), can use network communicating system.
The many networks that comprise traditional public switched telephone network all are designed to provide in can be during the message transmission designated lane or the circuit from the destination of originating.Message is in order integrally along same passage transmission.But for example many communication networks such as internet all are designed to not have the packet network of connection, and it passes the various piece or the bag of message to the destination node that is positioned at network edge from the source node that is positioned at network edge by backbone network along different routes usually.Packet network operates under the connection-oriented reliability services pattern sometimes, thereby can guarantee that the message bag is integrally transmitted in order.In other structure such as Media Stream application, network connects non-reliability services mode operation with nothing, so some bag may suitably be transmitted and do not sent once more.
Network communication protocol has defined control and data message format and order.Message exchange between the computer may be failed because of a variety of causes.Modal remedial measures is made great efforts retry exactly or is resend this message.If the message exchange failure between postage proof equipment and the data center then can cause losing of fund or valuable information.For example, the request of buying postage may not be finished (for example, can not receive clear and definite affirmation) when it transmits on the internet.In this case, the sender does not know whether raw requests is received by data center.As a result, may send same request once more.If initial request has been received by data center, above-mentioned fault is not had (on time) to receive to confirm by the sender and causes, and then data center may think that same client has sent two different purchase orders, and the client can charged twice in this case.
Similarly, if interrupted to the message of finishing that the client transmits from data center, client's clearly affirmation just can not received by data center.Data center may resend this message.In this case, the client can receive the value that doubles his payment.Under a lot of situations, the method that is used for head it off be for each transaction announce its finish before all confirmation requests.But different as the case may be in this case, perhaps user or data center may trust the fund that loses (needing to confirm to finish transaction) owing to lacking.In addition, these systems require the serial transmission of affirmation end to end and value information message usually.The system of the anti-information drop-out measure that enforcement is complicated user interface as a rule all very bothers, and makes them be difficult to be liked by the general user.
Therefore, need a kind of system and method, be used for the message of reliable transmission value information between remote data center and local device, it allows the request of resending, and is not limited to serial transmission and also is not limited to confirm end to end.
Summary of the invention
The application has described a kind of illustrative embodiment that relates to the invention of the system and method for reliable transmission value information between remote data center and local device.In an illustrative embodiment, unique identifier ID and value information unit UIV such as postmark interrelate.This identifier is relevant with a concrete unique index store position or record storage position, and local device can be implemented to store each UIV into specific memory device position.At least local device is designed to monitor and implement the access times of UIV, is that single uses for postmark for example.In one embodiment, UIV user mode indicator is stored in the safe storage and monitors and implement usage policy to keep the user mode mark.
If communication channel is interrupted (even by Replay Attack), remote data center can be retransmitted and send UIV, implements usage policy because remote equipment will be concrete UIV on concrete local device memory location.In at least one embodiment, remote-data transmitter and do not require is end to end confirmed but is relied on affirmation from the intermediate computer that can be connected to remote equipment.And remote data center can send a collection of UIV and receive a collection of affirmation or carry out clear and definite resending selectively according to UIV ID.Correspondingly, described UIV transmission of messages can begin concurrently and handle and can finish with any order.Wash in the bright property embodiment at another, provide a UIV digital signature that combines UIV ID to prevent attack UIV ID.
Description of drawings
Description of drawings the preferred embodiments of the invention so far, and be used for explaining principle of the present invention with above-mentioned summary description and following detailed description.In institute's drawings attached, the identical identical or corresponding part of Reference numeral representative.
Fig. 1 be according to the application's postage proof system the block diagram of an illustrative embodiment.
Fig. 2 is the illustrative embodiment transmission condition of information figure according to the application.
Fig. 3 handles UIV condition of information figure from remote data center according to the application's illustrative embodiment.
Fig. 4 is a FB(flow block) of handling the technological process of UIV message request according to the application's illustrative embodiment at remote data center.
Fig. 5 is the FB(flow block) according to illustrative embodiment technological process of intermediate equipment request virtual stamps (VIV) from this locality of the application.
Embodiment
Illustrative embodiment of the present invention has been described the system and method that is used for reliable transfer of virtual stamps, allows re-send request may, is not limited to serial transmission and also is not limited to confirm end to end.A kind of typical method has reduced and the relevant danger of transmission value information between data center and hardware device, the unique identifier of the memory location that this method is used in value information distributes from equipment.Illustrative embodiment has been described a kind of postage proof system that is used for the transfer of virtual stamps postmark, and can be combined in the method and system that is used to distribute virtual stamps described in the above-mentioned related application.
The multipath transmission of virtual stamps postmark or relevant UIV for example figure is downloaded and the request of for example refund request and so on) can carry out with any order.In addition, for example virtual stamps request, figure are downloaded and transaction such as refund request can be stored on the intermediate equipment such as PC that can be connected to local device.Correspondingly, though also can be after the connection of remote data center dialogue has stopped in this locality from middle PC to the local device playback or repeat described transaction.As a result, that when one of two end points of transaction no longer connect, also can successfully finish failure or incomplete transaction.In addition, transaction is never because not clear error of transmission and must roll-backing or cancel, thus simplified stateful transaction between the two-end-point synchronously and eliminated possible security breaches.
With reference to Fig. 1, a kind of illustrative postage proof system according to the application has been described.Fig. 1 has shown that virtual stamps distributes the various piece of charge system 100.Herein, virtual stamps uses a kind of to traditional similar label of stickup stamp to provide post paid to prove.This system 100 comprises that a value information treatment facility such as virtual stamps distribute (VSDM) system 130 that charges, system 130 comprises VSDM 130 and the relevant coprocessor PC 120 that is positioned at same place, and wherein PC 120 communicates with vendor data center 150 by communicating to connect 190.Communicate to connect 190 and comprise the internet, but also can utilize the network connection that connects or pass through Local Area Network by the phone of public switched telephone network (PSTN).
VSDM 130 can be an independent postage charging machine, perhaps also can be incorporated in the bigger equipment such as mailing machine.In system shown in Figure 1, VSDM 130 is connected on the PC 120 by the communication channel 124 that connects for USB.Also can use other communication channel such as wireless channel, and in another kind of structure VSDM 130 can with data center's 150 direct communications.VSDM 130 or client use 122 and are used to initiate the request to UIV that will be finished by data center.In this structure, described request is sent to data center by the PC that connects.Data center receive with processes said request after, produce an answer (finishing) and send equipment to by described PC once more.The existence that note that described PC is chosen wantonly, and computer PC as described in the middle of can existing in system more than.
Data center 150 comprises that a suitable disposal system with computing equipment such as server computer 160 and one or more are used for the memory element 164 of data storage.Data center 150 also comprises a virtual postmark system that comprises codon system 152 and virtual PSD system recorder memory 154, and wherein there are operation communication in codon system 152 and virtual PSD system recorder memory 154 with server 160.Server system comprises that a server that is used to carry out function described herein uses 162 and equipment state list storage systems 164 (server copy of status list may not always be reflected in the most current stateful transaction of a certain concrete time point, for example when VSDM off-line printing postmark) that are used to store from the copy of the postmark user mode list information of each VSDM130.
Remote data center 150 and one or more local UIV disposal systems 110 (in Fig. 1 in order to describe the clear disposal system that only shown) by any suitable communication network 190 as the mutual electronic communication in internet.Each UIV disposal system 110 can comprise that an intermediate processor 120 is as PC, personal digital assistant or mobile phone or the like.In illustrative embodiment, data center 150 is safeguarded and operation as other mandate serving postal activity of the postage charging machine manufacturing merchant that authorizes or certain by the postmark supplier.Described PC 120 comprises that a client who is used for intermediate processor function as herein described uses 122.In an alternative embodiment, described local UIV disposal system comprises the PC of a band safe and intelligent card, wherein said safety intelligent card has the NVM state table, is used to handle other UIV such as music file, video file, content of multimedia UIV or event tickets.
As shown in Figure 1, VSDM 130 comprises user interface 136, prints hardware 134, nonvolatile memory 132 and comprises the safe processor 138 of nonvolatile memory NVM state table 139.Replacedly, the element of some such as user interface is optional.Safe processor 138 comprises the H8S2218 processor and the RAM of band NVM program and data-carrier store, but can adopt the processor in ASIC, microprocessor, microcontroller or the non-safe processor of being included in that is connected to safe NVM memory state table as an alternative.As a kind of replacement scheme, the IBUTTON of the processor that can use physically safety as obtaining from Dallas Semiconductor (semiconductor).Print hardware 134 and comprise that a direct contact heat printer subsystem comprises USPS IBIP bar code and other controller near the gray scale image of photographic quality with relevant feasible can the printing, alternatively uses other figure punch technology such as ribbon impact or inkjet printing subsystem but also can be used as.The print control unit function can be included in the safe processor 138.
NVM state table 139 comprises that being positioned at safe processor 138 is used for the user mode of each UIV record position of safe storage to implement the eeprom memory of usage policy.Scheme as an alternative, state table can comprise inside and/or the external memory storage that comprises battery backed RAM, EEPROM, magnetic or physical medium etc. (individually or in conjunction with).Similarly, the NVM132 that is used for storing virtual postmark record and image 132 comprises eeprom memory, but can comprise above-mentioned type of memory as an alternative.Handling procedure described here can be used as alternatively with various forms such as but not limited to any enforcement in software, the firmware etc., and can be separately or comprise one or more subroutines, process, step, function call, object or method or the like with mutually combining.In a replacement scheme, comprise that the whole UIV system recorder memory of independently virtual postmark record storage position all is stored in the safe storage.
In the embodiment depicted in fig. 1, charging machine 130 does not comprise postal security device (PSD), is the virtual postmark that specific postage name is distributed but print in advance by the PSD through approval that combines with data center 150.But should be appreciated that also can use and comprise that PSD is positioned at other replacement scheme of the embodiment of client.Be in operation, the user sends a request of buying postage from charging machine 130 or the PC 120 that exists together to data center 150.The type of request can have many kinds, and table 1 has shown one of them example.The user needs the stamp of two two $0.23 and the stamp of four four $0.37.In a replacement scheme, the user can select from the equivalent of predetermined menus option as 20 stamp booklets or 100 stamp catalogues.Data center 150 can require pin or use to comprise other authentication method of two-way authentication.
Table 1
Device id Index The postage denomination Cut-off date The state table state The indicia data of encrypting Signature
1A1B2 1 $0.23 On June 1st, 2005 Issue ************************** 1234567890ABCDE
1A1B2 2 $0.23 On June 1st, 2005 Do not use ************************** 234567890ABCDEF
1A1B2 3 $0.37 On June 1st, 2005 Issue ************************** 34567890ABCDEF1
1A1B2 4 $0.37 On June 1st, 2005 Issue ************************** 4567890ABCDEF12
1A1B2 5 $0.37 On June 1st, 2005 Issue ************************** 567890ABCDEF123
1A1B2 6 $0.37 On June 1st, 2005 Do not use ************************** 67890ABCDEF1234
As response, data center 150 produces a considerable amount of virtual postage data recording (postmark of the corresponding request of each record) and gives VSDM charging machine 130 or intermediate processor as herein described 120 with their safe transmission (for example using SSL to connect).Data center 150 at first inquiry unit state table 164 can use to determine which memory location, distributes them then successively.Perhaps data center 150 can determine next available memory location according to the state table copy that it is contained in the device status table database 164.Here, 6 positions at first can be used, and unique ID of 6 virtual stamps at first is exactly, and device id connects memory location value 1 to 6 respectively.In the replacement scheme of an enhancing security, charging machine 130 is necessary for next available memory location of the transaction prompting right that will handle.Table 1 has been described postmark that a kind of handle downloads from data center 150 and has been stored in method the NVM132.The cut-off date representative can be sent the last day of (promptly printing) this postmark.
In safety NVM state table 139, kept a state for each postmark, promptly 0 or 1, issued or do not used, represent postmark whether to issue.As an alternative, described state also can be kept by when postmark is released it being deleted.Also can provide other state levels.The indicium barcode data with cipher mode storage in case the assailant simply from NVM24 reading of data print postmark with standard printer then.Each record also comprises the memory location index value that a digital signature, this digital signature comprise described virtual stamps data and device id and be used to prevent revise and implement unique memory location requirement.Digital signature is invalid as described in all can making as any modification of the memory location of quantity, state and/or virtual stamps record any field.Correspondingly, safe processor can be by checking whether signature effectively comes signature verification before printer operation or operation refund request.Therefore, safe processor can be implemented as the requirement that each concrete virtual stamps record distributes unique memory location.
Preferably, the postage data recording uses the key that is assigned to specific charging machine printer 130 to encrypt, and carries out digital signature by data center 150 before being sent to charging machine 130.130 of charging machines play the function that postage is printed, and postage distributes and estimation function is carried out by data center 150.In a replacement scheme, the virtual stamps data recording is not encrypted but is digitally signed.So charging machine 130 is implemented a strategy, the postmark of the correct name of label that this printer ID in allowing only printing and being stored securely in charging machine 130 is relevant.
In case be appreciated that charging machine 130 and data center 150 are synchronous, data center's state recording 164 of specific charging machine just can be updated.Also should be appreciated that can be greater than available storer on concrete equipment for the state table stores device of each devices allocation in data center.The history setting of device status table before therefore, data center's state table stores device can keep.Although the unique UIV ID of device id and index combination can not be repeated to use, can be assigned to a new index and replacement for usefulness again with the stamp position of crossing, can distribute a new UIV ID thus.In a replacement scheme, data center is distributing new index and new thus unique ID to receive that from the postal post-processing system information shows that a specific virtual stamps has been introduced into and/or has been delivered to its final destination or middle destination for wait for up to it before using always again for the position.In another replacement scheme, the stamp index position can not be changed usefulness again, but by providing new device id that equipment is reduced with replacement stamp index stores position for using again.
As mentioned above, postage proof system 130 makes the user maybe will put at mail and prints virtual stamps postmark image (custom images that also comprises the user) on the label on the mail.The accompanying drawing of back has been described the process of using system shown in Figure 1, and the communication protocol that between remote data center and local printing equipment, provides reliable virtual stamps to transmit, it allows the request of resending, and being not limited to serial transfer does not need to confirm end to end yet.Distribute a unique ID to each value information unit (UIV) as virtual stamps, song, video, picture or ticket, it preferably adds that by unique hardware device ID the position that will store UIV in the equipment constitutes.In a replacement scheme, marker characteristic such as ethernet address that another is unique are used as device id.Safe processor 138 comprises the secure program memory that can not be changed by the user, and it has implemented to store each UIV into a dedicated location (thereby equipment can provide security to a certain degree).Strengthen in the replacement scheme of security at another, can limit the available memory position that is used for specific charging machine 130 or the quantity of state table index position.Certain usage policy is all monitored and implemented to data center 150 and charging machine 130, and this usage policy makes in the present embodiment that above-mentioned virtual stamps can only use once with relevant unique ID before the cut-off date.
Described illustrative host-host protocol provides the error recovery of simplifying.Because virtual stamps UIV can only be loaded in the specific charging machine and only in a specific memory location of this charging machine, data center 150 can transmit unlimited (reasonably) same UIV payment message safely and carry out by the recovery of disrupt communications, and no matter what (trial of error of performance even fraud system) is the reason that is interrupted be.This may be because the reception of each message can rely on unique ID defined above to come from the new request (answer) of playback difference of the message of having received.In another embodiment, data center 150 can further rely on to the cut-off date use and to never reuse the use of this strategy for the security memory location that strengthens.In addition, shown agreement allows the UIV message on storage intermediate node between the destination of the source of described data center and described charging machine.For example, the UIV message of receiving from data center 150 can be stored on the PC 120 and download to when charging machine is connected to PC on the charging machine 130 afterwards.Middle PC can provide the communication session of any desired affirmation and end subsequently and data center 150, gives charging machine 130 with the UTV transmission of messages after a while then.Therefore, do not need to confirm end to end.
The transaction of UIV transmission of messages can not examined the order of used unique ID and be begun and/or finish.As a result, can begin and handle a plurality of transaction concurrently, and they can finish in any order also possible out-of-sequence.Should be appreciated that postage proof system 100 just can implement a specific embodiments of post-processing system of the present invention, invention as herein described can also be used in other those open or closed post-processing systems for example recited above.
Referring to Fig. 2, described illustrative embodiment according to the application and sent a process flow diagram that comprises from condition of information Figure 200 of the UIV request of local device.The affirmation of message before this message can comprise UIV or only comprise one.In activity 210, the PC on local counting equipment or the same position produces the request to virtual stamps of the message that will send as signature, or receives the message that will be hopped.At state 215, equipment state is for being ready to send message, and movable 220, message sends.At state 225, equipment has sent a message and has waited for sure affirmation.If equipment is received a sure affirmation, it is along route 235 exit status 225 and enter committed state 250.If equipment is overtime when wait acknowledge, it arrives the affirmation of late message along route 230 exit status 225, the affirmation of this late message trigger reenter state 225 resend message circuit 240.In this embodiment, comprise next available memory location in the request to virtual stamps of signature.Do not worry that thereby equipment can freely resend this request data center can be used as be resending of different requests but not raw requests resending, this is because the repetition message with next identical storage address can be ignored by data center.In a replacement scheme, counting equipment 130 is that each virtual stamps of being asked distributes UIV ID, and they may be inordinate.In this case, data center will only handle a request to each unique UIV ID.From the angle of counting equipment 130, it is because the described UTV that downloads may be used in the time period between the UIV of two repetitions message in advance that the UIV of repetition is abandoned.
With reference to Fig. 3, described according to the application's a illustrative embodiment and handled a process flow diagram from condition of information Figure 30 0 of remote data center.The affirmation of message before this message can comprise UIV or only comprise one.In activity 310, data center receives message such as UIV request message and enters and receives state 315.System road 320 along the line is withdrawed from and is received state 315 and enter expression and accept state 330 as the origination message state if this request is unique.Otherwise if confirm to repeat, then system road along the line 325 exit status 315 enter and confirm as repeat mode 340.Original UIV response (for example a plurality of UIV download) to this request uses the record from database 154 to make up 335.Perhaps, described response can be stored in the database, just retrieval simply under the situation of repetitive requests.In activity 350, system resends this original response to described request.
If message is accepted at state 330, then system withdraws from this state along creating the route 335 of replying information and sending UIV.In a replacement scheme, system also checked before accepting UIV message and comprises next correct memory location in the UIV message request.In this case, receive in the message that next wrong memory location can be used to cause a possible spoofed message to begin next step action and revoke as the account or to suspend use.In another replacement scheme, implemented other security system and check, comprise that is used to limit a register that resends number of times.After having handled request (referring to Fig. 4), system construction UIV response concurrent give this UIV response.Should be noted that the response to raw requests and repetitive requests is identical, this responds needed logic thereby simplified processing.In any case, Message Processing all finishes in step 355.
Referring to Fig. 4, the illustrative process flow process of handling the UIV message request according to the application's a illustrative embodiment at remote data center has been described.In step 410, data center receives from VSDM or is positioned at the virtual postmark request of the processor that exists together that it may comprise request shown in Figure 1.In step 415, data center handles this postage estimation and squeezes into the postage quantity of being asked to this postage account.When processing comprises the request of common UIV of song etc., use traditional payment processes.In step 420, the state table copy of inquiry data center of data center is thought definite next the available memory location of UIV storage.In a replacement scheme, virtual postmark request must comprise the correct evaluation of next available memory position so that handle continuation.In step 425, data center utilizes the UIV ID by device id and memory location index mark symbol (as shown in table 1) decision to produce suitable virtual postmark.
In step 430, data center uses a private key that virtual stamps is carried out digital signature together with UIV ID, and wherein said private key has a corresponding public key that can reside among charging machine 130 or the PC 120.Perhaps, data signature does not comprise UIV ID, and PKI can use traditional means to obtain.In step 435, the state table that data center upgrades data center has been sent to charging machine to represent these UIV.In step 440, data center is transferred to UIV charging machine or is positioned at the processor that exists together.Data center needn't wait the affirmation of a UIV before sending another UIV.In addition, data center will receive the single or colony affirmation from end system charging machine or intermediate processor.In step 445, data center uses overtime or does not significantly have acknowledge message and need to determine whether to retransmit, if work, required UIV retransmits in data center.
Referring to Fig. 5, described according to the application's a illustrative embodiment and sent illustrative process flow process from the UIV of local device or intermediate equipment request message.In according to an embodiment shown in Figure 1, used an intermediate communication equipment 120 to ask and store the system of same position such as the UIV that charging machine 130 must use.In step 510, PC 120 sends a plurality of UIV requests, the request to 6 virtual stamps that example is as shown in table 1.This request can be derived from charging machine 130 or PC 120.PC 120 is subsequently at step 515 storage postmark.In a replacement scheme, charging machine 130 is stored in postmark the memory location of distribution.PC sends single or colony's affirmation in step 520 to data center then.Correspondingly, PC 120 can finish also can send described UIV to charging machine 130 after a while with the communication session of data center 150.
In one embodiment, system is confirming to wait the message that a period of time for example received UIV information in 1 minute before any UIV.If UIV sends with the sequential storage order, system can also provide colony to confirm, approval is used for expression and number has received UIV by this memory location really certainly.
According to a further aspect of the invention, data center can push away UIV to local device, for example so that post-free propaganda or the like to be provided.Because transaction can be carried out with any order, data center can prepare a message and message be downloaded to this equipment next time when connecting for hardware device.This makes and can prepare UIV (for example postage, image, song) under the ignorant situation of user before hardware device connects.Message can be pushed to equipment during connecting subsequently, and this makes data center can reward loyal user with extra UIV or allows user certain UIV on probation as a part of propagating.
Although above the preferred embodiments of the invention are explained and illustrated, be to be understood that these are example of the present invention, should not be taken as restriction.On basis without departing from the spirit and scope of the present invention, can do to add, delete, replace and other modification.Should be appreciated that desired the present invention can implement in comprising the multiple different post-processing system of known various open systems and closed system.In addition, notion of the present invention is not limited in the indicia prints field and uses, but can be used for the reliable transmission at the relevant optional type value indicia of for example selling ticket and digital content distribution right management system.

Claims (14)

1. one kind from remote data center with processor method to the value information treating apparatus with unique ID and a plurality of value informations unit UIV memory location dispense value message unit UIV, each value information unit UIV memory location has the memory location identifier at the customer location place, and described method comprises:
Receive a value information unit UIV request at remote data center processor place, wherein UIV request in value information unit comprises available memory location identifier;
Use described processor from the data center's value information unit UIV state table that is associated with the value information treatment facility, to obtain available memory location border and know symbol;
Use described processor to determine to comprise a value information unit UIV ID of unique device id and above-mentioned available memory location identifier;
Use described processor to produce a unique value information unit UIV in response to value information unit UIV request, described value information unit UIV request comprises value information unit UIV data, value information unit UIV ID and the digital signature of value information unit UIV data and value information unit UIV ID at least;
Use described processor to distribute an original user mode to described unique value information unit UIV;
Use described processor to send described unique value information unit UIV, and whether also uncertain described value information unit UIV request is repetitive requests in response to described value information unit UIV request;
Use described processor to verify the memory location identifier of described value information unit UIV request corresponding to expectation; And
Use data center's value information unit UIV state table that described update processor is associated with described unique value information unit UIV to reflect described original user mode.
2. method according to claim 1 is characterized in that, described unique value information unit UIV is sent to described value information treatment facility.
3. method according to claim 1 is characterized in that, described unique value information unit UIV is sent to the intermediate processor that is positioned at same position with the value information treatment facility.
4. method according to claim 1 is characterized in that, described method further comprises:
Whether the affirmation that definite and described unique value information unit UIV is associated receives in a period of time; With
If in the described time period, do not receive described affirmation, then resend described unique value information unit UIV.
5. method according to claim 1 is characterized in that, described value information unit UIV comprises virtual stamps; And described value information treatment facility comprises that virtual stamps distributes charging machine VSDM.
6. method according to claim 1 is characterized in that, described value information unit UIV request is received from described value information treatment facility.
7. method according to claim 1 is characterized in that, described value information unit UIV request is to receive from the intermediate processor that is in same position with described value information treatment facility.
8. method according to claim 1 is characterized in that, described value information unit UIV memory location comprises the memory index pointer position.
9. method according to claim 1 is characterized in that, described method further comprises: handle the payment of described value information unit UIV request.
10. method according to claim 1 is characterized in that, described method further comprises:
Receive second copy of described value information unit UIV request at remote data center; With
Resend described unique value information unit UIV subsequently, and also uncertain value information unit UIV confirms whether be received.
11. a virtual stamps distribution system comprises:
User interface subsystem;
Be configured to print the printer of a plurality of virtual stamps, each virtual stamps uses virtual stamps postage data recording corresponding to single, wherein virtual stamps postage data recording comprises indicia data field, id field and signature field, and wherein said id field comprises unique virtual stamps distribution system identifier, memory index identifier and mode field, and wherein said signature field comprises the digital signature of indicia data field and id field at least;
Communication subsystem;
Nonvolatile memory with a plurality of memory locations, each memory location are configured to store in a plurality of indicia data fields;
Safe nonvolatile memory with a plurality of physical memory location, each physical memory location is by each memory index identifier sign and be configured to store in a plurality of mode fields one, and each in the non-volatile physical memory location of wherein a plurality of safety is associated one to one with each nonvolatile memory position;
Be coupled to the processor of user interface subsystem, printer, communication subsystem, nonvolatile memory and safe nonvolatile memory, wherein
Thereby described processor be configured to by use signature field implement stored configuration will specific virtual stamps data recording only store in the id field in the non-volatile physical memory location of safety that identifies uniquely and the nonvolatile memory position that is associated, and
Wherein said processor is configured to upgrade and specific virtual stamps postage data recording associated state field after the virtual stamps that is associated is printed.
12. system as claimed in claim 11 is characterized in that, described communication subsystem is configured to communicate with juxtaposed processor, wherein juxtaposed processor be used to provide the remote data center of virtual stamps postage data recording to communicate.
13. system as claimed in claim 11 is characterized in that,
Described virtual stamps postage data recording comprises the postage value field.
14. system as claimed in claim 11 is characterized in that,
Described processor is a physical security.
CN200610106058A 2005-05-31 2006-05-31 System and method for reliable transfer of virtual stamps Expired - Fee Related CN100587726C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/142,618 US7555467B2 (en) 2005-05-31 2005-05-31 System and method for reliable transfer of virtual stamps
US11/142,618 2005-05-31

Publications (2)

Publication Number Publication Date
CN1897039A CN1897039A (en) 2007-01-17
CN100587726C true CN100587726C (en) 2010-02-03

Family

ID=37025097

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610106058A Expired - Fee Related CN100587726C (en) 2005-05-31 2006-05-31 System and method for reliable transfer of virtual stamps

Country Status (4)

Country Link
US (1) US7555467B2 (en)
EP (1) EP1736934B1 (en)
CN (1) CN100587726C (en)
CA (1) CA2548713C (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7533067B2 (en) * 2005-06-30 2009-05-12 Pitney Bowes Inc. Control panel label for a postage printing device
US20070067633A1 (en) * 2005-09-21 2007-03-22 Pitney Bowes Incorporated Method for securely managing an inventory of secure coprocessors in a distributed system
US8308819B2 (en) * 2006-12-19 2012-11-13 Pitney Bowes Inc. Method for detecting the removal of a processing unit from a printed circuit board
US8139733B2 (en) * 2006-12-27 2012-03-20 Pitney Bowes Inc. Simultaneous voice and data systems for secure catalog orders
US8046311B2 (en) 2008-07-01 2011-10-25 Neopost Technologies Postal indicia generating system and method
US8281407B2 (en) * 2008-12-09 2012-10-02 Pitney Bowes Inc. In-line decryption device for securely printing documents
WO2013086082A1 (en) * 2011-12-07 2013-06-13 Psi Systems, Inc. High volume serialized postage at an automated teller machine or other kiosk
CN104461411A (en) * 2014-11-10 2015-03-25 占红武 Individual postmark printing system

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2072456A1 (en) * 1991-07-31 1993-02-01 Armin Kohler External servicing devices for postage meters
FR2700043B1 (en) * 1992-12-30 1995-02-10 Neopost Ind Franking machine allowing to memorize a history.
US5715164A (en) * 1994-12-14 1998-02-03 Ascom Hasler Mailing Systems Ag System and method for communications with postage meters
US5781438A (en) * 1995-12-19 1998-07-14 Pitney Bowes Inc. Token generation process in an open metering system
US6005945A (en) * 1997-03-20 1999-12-21 Psi Systems, Inc. System and method for dispensing postage based on telephonic or web milli-transactions
US6064993A (en) * 1997-12-18 2000-05-16 Pitney Bowes Inc. Closed system virtual postage meter
US6424954B1 (en) * 1998-02-17 2002-07-23 Neopost Inc. Postage metering system
US6757280B1 (en) * 1998-10-02 2004-06-29 Canon Kabushiki Kaisha Assigning unique SNMP identifiers
US6746330B2 (en) * 1999-09-21 2004-06-08 Igt Method and device for implementing a coinless gaming environment
US6438530B1 (en) * 1999-12-29 2002-08-20 Pitney Bowes Inc. Software based stamp dispenser
US6996538B2 (en) * 2000-03-07 2006-02-07 Unisone Corporation Inventory control system and methods
US7152049B2 (en) 2001-10-05 2006-12-19 Pitney Bowes Inc. Method and system for dispensing virtual stamps
AU2002363753A1 (en) * 2001-11-15 2003-05-26 United States Postal Service Shipping shared services postage indicia
US8108322B2 (en) 2002-07-29 2012-01-31 United States Postal Services PC postage™ service indicia design for shipping label
US20040249771A1 (en) * 2002-12-24 2004-12-09 Lisa Berg Method of providing a unique identifier for a mailpiece
US20040177049A1 (en) 2003-03-04 2004-09-09 Pitney Bowes Incorporated Method and system for protection against parallel printing of an indicium message in a closed system meter
US7319989B2 (en) 2003-03-04 2008-01-15 Pitney Bowes Inc. Method and system for protection against replay of an indicium message in a closed system meter
US7324973B2 (en) * 2004-04-16 2008-01-29 Video Gaming Technologies, Inc. Gaming system and method of securely transferring a monetary value
US7264154B2 (en) * 2004-07-12 2007-09-04 Harris David N System and method for securing a credit account

Also Published As

Publication number Publication date
CA2548713C (en) 2012-02-21
CA2548713A1 (en) 2006-11-30
EP1736934A3 (en) 2007-03-28
EP1736934B1 (en) 2011-11-30
US20060259444A1 (en) 2006-11-16
US7555467B2 (en) 2009-06-30
CN1897039A (en) 2007-01-17
EP1736934A2 (en) 2006-12-27

Similar Documents

Publication Publication Date Title
CN100587726C (en) System and method for reliable transfer of virtual stamps
US7778924B1 (en) System and method for transferring items having value
US7962423B2 (en) Method and system for dispensing virtual stamps
US5729460A (en) Method for payment of the recrediting of an electronic postage meter and arrangement for the operation of a data central
US5812991A (en) System and method for retrieving postage credit contained within a portable memory over a computer network
US6385731B2 (en) Secure on-line PC postage metering system
EP1014311B1 (en) Method and apparatus for securely transmitting keys from a postage metering apparatus to a remote data center
CN1908986B (en) Method to control the use of custom images
US5778066A (en) Method and apparatus for authentication of postage accounting reports
WO1998014909A2 (en) System and method for retrieving postage credit over a network
AU2002330240A1 (en) Method and system for dispensing virtual stamps
US20040236705A1 (en) Device accounting system
US7996884B2 (en) Method and arrangement for server-controlled security management of services to be performed by an electronic system
US7058614B1 (en) Method and devices for printing a franking mark on a document
JP2002507800A (en) Apparatus and method for postage meter authentication management
US6851619B1 (en) Method and devices for printing a franking mark on a document
US7113928B1 (en) Franking machine and operating method thereof
US7171368B1 (en) Method and apparatus for the remote inspection of postage meters
WO2000055817A1 (en) Improvements relating to postal services
EP1399837A2 (en) Postal counter postage evidencing system with closed loop verification

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100203

Termination date: 20190531